CVE-2024-20400
MEDIUM
Published 2024-07-17T16:29:36.302Z
Actions:
CVSS Score
V3.1
4.7
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score
v2023.03.01
0.001
probability
of exploitation in the wild
There is a 0.1% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-01-25
Exploit Probability
Percentile: 0.280
Higher than 28.0% of all CVEs
Attack Vector Metrics
Impact Metrics
Description
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page.
Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
X8.5.1
X8.5.3
X8.5
X8.6.1
X8.6
X8.1.1
X8.1.2
X8.1
X8.2.1
X8.2.2
X8.2
X8.7.1
X8.7.2
X8.7.3
X8.7
X8.8.1
X8.8.2
X8.8.3
X8.8
X8.9.1
X8.9.2
X8.9
X8.10.0
X8.10.1
X8.10.2
X8.10.3
X8.10.4
X12.5.8
X12.5.9
X12.5.0
X12.5.2
X12.5.7
X12.5.3
X12.5.4
X12.5.5
X12.5.1
X12.5.6
X12.6.0
X12.6.1
X12.6.2
X12.6.3
X12.6.4
X12.7.0
X12.7.1
X8.11.1
X8.11.2
X8.11.4
X8.11.3
X8.11.0
X14.0.1
X14.0.3
X14.0.2
X14.0.4
X14.0.5
X14.0.6
X14.0.7
X14.0.8
X14.0.9
X14.0.10
X14.0.11
X14.2.1
X14.2.2
X14.2.5
X14.2.6
X14.2.0
X14.2.7
X14.3.0
X14.3.1
X14.3.2
X14.3.3
X14.3.4
X14.3.5
X15.0.0
X15.0.1
Published: 2024-07-17T16:29:36.302Z
Last Modified: 2024-08-01T21:59:41.611Z
Copied to clipboard!